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REMARKS 

Claims 1-19 are pending in this application. Claims 1, 2, 3, 16, 17, and 19 have 
been formally amended to clarify the scope of the invention. Applicant respectfully 
submits that no new matter has been added by these amendments. Support for these 
amendments can be found throughout the specification and original claims, specifically 
on page 3, lines 1-3 and page 10, lines 17-21. 

Ob jection to the Drawings 

The drawings are objected to because the Rejection asserts that the claimed 
"plurality of user interface images" is not shown in the Figures. Applicant respectfully 
disagrees. Specifically, as stated on page 9, line 30 - page 10, line 2 and referring to 
Figure 1, "[t]he database 138 contains data representing the multiple user interface 
images 140 and the multiple executable procedures 142. The multiple user interface 
images 140 are associated with corresponding multiple organizations". Thus, the claimed 
element is clearly shown in Figure 1 (and elsewhere) and properly described in 
accordance with 35 USC 112 such as to enable the claimed arrangement. The claimed 
"plurality of user interface images" is denoted in Figure 1 by reference numeral "140". 
Moreover, on page 7 of the present application, it states that Figures 2-14 depict the 
plurality of user interface images (page 7, lines 20-22). Therefore, it is respectfully 
submitted that no modification to either the drawing or the specification is needed. 
Therefore, Applicant respectfully requests that the objection to the drawings be 
withdrawn. 

Rejection of Claims 1 - 19 under 35 USC 101 

Claim 1 is rejected under 35 USC 101 because the claimed invention is not 
directed towards statutory subject matter. While the Rejection notes claim 1 in the 
preamble thereof, the discussion of the Rejection appears to reject claims 1 - 19. 
Therefore, Applicant will treat the Rejection as being intended over claims 1 - 19. 

The Rejections states that the components of the system are software per se and 
therefore are not patentable subject matter. Applicant respectfully disagrees. The system 
claimed throughout claims 1 — 19 may include a database, a command processor and/or 
an authorization processor. These elements are clearly described in the specification as 
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being hardware. Specifically, page 10, lines 9-11 state "[e]ach of the communication 
processor 132, the command processor 134, the authorization processor 136 may be 
implemented in software and/or hardware and operates responsive to a software 
program stored in the database 138." Therefore, Applicant respectfully submits that the 
claimed system fully complies with 35 USC 101 and contains patentable subject matter. 
Thus, Applicant respectfully requests that the rejection of claims 1-19 under 35 USC 
101 be withdrawn. 



Rejection of Claims 1-19 under 35 U.S.C. 102 fe) 

Claims 1-19 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Thompson et al. (U.S. Publication No. 2003/0229522). 

Amended claim 1 recites a system enabling individual organizations of a plurality 
of different organizations to manage access of their own respective employees to at least 
one remotely located application hosted by an application service provider. At an 
application service provider site, at least one database is included and contains data 
representing a plurality of user interface images associated with a corresponding plurality 
of organizations and a plurality of executable procedures associated with the 
corresponding plurality of user interface images. An executable procedure supports a user 
of a particular organization of the plurality of organizations in managing access of 
employees of the particular organization to an application hosted by an application 
service provider and used by said plurality of organizations. A command processor 
employs the at least one database for initiating execution of a particular executable 
procedure in response to a command initiated at a remote location associated with the 
particular organization using a particular user interface image associated with the 
particular executable procedure and with the particular organization. The particular 
executable procedure supports the user in managing and granting access of an employee 
of the particular organization to an application and associated application data specific to 
the particular organization and excluding access to the application data specific to the 
particular organization by employees of organizations other than the particular 
organization. For the reasons presented below, Applicant respectfully submits that 
Thompson fails to provide any 35 USC 112 compliant enabling disclosure of each feature 
claimed in amended claim 1 and does not anticipate amended claim 1. 
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Unlike the present claimed system, Thompson describes a benefit management 
system that provides a portal-based information management and collaborative business 
process application. The Thompson system and method is focused at the benefit 
broker/consultant and is configured to capture employee benefit management data, such 
as demographic data and plan data. One or more users of the Thompson system are 
provided with customized user access to the centralized application for use in performing 
one or more various benefit plan management functions, such as, for example, marketing, 
plan design; enrollment; administration; and communication between one or more 
application users (see Abstract). Thus, contrary to the claimed system, the Thompson 
system merely enables access of data after authorization has been completed and does 
NOT allow individual customers to manage and control their own access rights as well as 
exclude access of "application data specific to said particular organization" from other 
users without the need to contact the application service provider (ASP). 

Contrary to the claimed system, Thompson, in Figure 8 and the corresponding 
description, describes an ASP (application service provider) environment wherein data 
access is controlled AFTER user authorization is completed. In the claimed invention in 
contrast, "the system 100 enables individual organizations 104 of multiple different 
organizations to manage access of employees to a remotely located application 123 
hosted by an application service provider 121" (Application, page 9,lines 27-30). Client 
management of a particular application hosted by an ASP is NOT equivalent to the 
environment which is described in Thompson. Thompson, in paragraph [0271] (and 
Figure 8) which was cited as anticipating the claimed features, explicitly describes a 
"multi-tiered architecture 900 for an application service provider". Thompson describes 
the three tiers as the client tier (a user interface), a middle tier (business logic) and a data 
tier (application data storage accessible by users). However, this is fundamentally 
different from the present claimed invention because this architecture functions to allow a 
user to access applications and data AFTER a user is previously authorized to do. The 
Thompson three tiered architecture described in paragraphs [0271], [0273] and [0275] 
provides no 35 USC 112 compliant enabling description of use of a "particular 
executable procedure" associated with an organization specific user interface image 
"supporting the user in managing and granting access of an employee of the particular 
organization to an application and associated application data specific to said particular 
organization and excluding access to said application data specific to said particular 
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organization by employees of organizations other than said particular organization" as 
recited in the present claimed invention. Unlike Thompson, the claimed system enables 
individual customer organizations of an ASP to manage their OWN access of their own 
employees without ASP intervention. 

Figure 1 of the present application shows a system for accessing a server via 
firewall to grant rights using data 123 and application 125. However, data 123 and 
application 125 are NOT an APPLICATION OR APPLICATION DATA employed 
by a user in processing data but are authorization related applications and data e.g. 
permissions (Application, page 14 lines 10-15 and page 15 lines 8-18 etc) used to grant 
access to the application and application data. This architecture is neither disclosed nor 
suggested by Thompson. 

Thompson superficially describes Authorization to access and limit rights to 
access an application and application data in paragraphs [0266], [0267], [0269], [0283] 
and [0285]. However, these paragraphs fail to disclose or suggest organization specific 
use and associated organization specific procedures as claimed in the present claimed 
invention. Thompson merely shows that a user admin functionality provides the 
application administrator with the ability to create a user and user authorization, 
(Thompson, [0266]). However, Thompson nowhere suggests "in response to a command 
initiate d at a r emote location associated with the particular organization using a particular 
user interface image associated with the particular executable procedure and with the 
particular organization, the particular executable procedure supporting the user in 
managing and granting access of an employee of the particular organization to an 
application and associated application data specific to said particular organization and 
excluding access to said application data specific to said particular organization by 
employees of organizations other than said particular organization" as claimed. Thus, 
Thompson does not show or suggest a system enabling individual customers of an ASP 
service to manage their own access rights excluding access by other customers without 
need to consult the ASP as in the present claimed invention. As each feature claimed in 
claim 1 is neither shown or suggested by Thompson, Applicant respectfully submits that 
Thompson does not anticipate the present claimed invention. Consequently, it is 
respectfully requested that the rejection of claim 1 be withdrawn. 
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Amended claim 2 is dependent on claim 1 and is considered patentable for the 
reasons presented above with respect to claim L Claim 2 is also considered patentable 
because Thompson neither discloses nor suggests "said at least one database, said 
command processor, said application and associated application data specific to said 
particular organization are located at said application service provider site behind a 
firewall and access through said firewall by users of said plurality of organizations". 
Specifically, Thompson is not concerned with users managing their own client access to 
data at an ASP. As discussed above, Thompson describes an ASP environment and 
operation thereof. Thompson neither discloses nor suggest "initiating execution of a 
particular executable procedure in response to a command initiated at a remote location 
associated with the particular organization... the particular executable procedure 
supporting the user in managing and granting access of an employee of the particular 
organization to an application and associated application data specific to said particular 
organization and excluding access to said application data specific to said particular 
organization by employees of organizations other than said particular organization". 
Contrary to the claimed arrangement, the ASP environment of Thompson, while enabling 
access to data and applications, does not enable a remote user to control and manage 
user access by granting access and/or excluding access to data and/or applications as in 
the claimed arrangement. Instead, the user permissions of Thompson are controlled at the 
ASP site by the ASP. This is NOT equivalent to the present claimed invention. 
Consequently, it is respectfully requested that the rejection of claim 2 be withdrawn. 

Amended claim 3 is dependent on claims 1 and 2 and is considered patentable for 
the reasons presented above with respect to claims 1 and 2. Claim 3 is also considered 
patentable because Thompson neither discloses nor suggests that the "particular 
executable procedure and said particular user interface image are specifically associated 
with said particular organization" and that the "authorization processor excludes access 
of the user and employees of the particular organization to user interface images and 
executable procedures and data associated with organizations other than the particular 
organization" as claimed in claim 3. The section of Thompson cited on page 5 of the 
Rejection ([0284]) makes a cursory statement indicating the Thompson system has access 
controls. However, this is not 35 USC 112 compliant enabling disclosure of the claimed 
authorization processor which "excludes access" to "executable procedures and data 
associated with organizations other than the particular organization" as in the present 
claimed invention. There is nothing in Thompson that enables managing user access to 
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organization specific data and applications as performed in the present claimed invention. 
The claimed system utilizes a "particular executable procedure" and a "particular user 
interface image" that is "specifically associated with said particular organization" in 
"managing and granting access of an employee" AND "excluding access... by employees 
of organizations other than the particular organization". These features are neither 
disclosed nor suggested by Thompson. Therefore, Applicant respectfully submits that 
Thompson does not anticipate the present invention claimed in claim 3. Consequently, it 
is respectfully requested that the rejection of claim 3 be withdrawn. 



Claim 4 is dependent on claims 1 - 
presented above with respect to claims 1 
that the rejection of claim 4 be withdrawn. 



- 3 and is considered patentable for the reasons 

- 3. Consequently, it is respectfully requested 



Claim 5 is dependent on claims 1-4 and is considered patentable for the reasons 
presented above with respect to claims 1-4. Claim 5 is also considered patentable 
because Thompson fails to provide any 35 USC 112 compliant enabling disclosure that 
"the directory of permissions comprises a Microsoft compatible Active Control List 
(ACL)" as recited in the present invention. Instead, the cited section merely describes 
roles being used to give differing levels of access. This is NOT equivalent to the claimed 
feature and thus does not anticipate the claimed feature. Consequently, it is respectfully 
requested that the rejection of claim 5 be withdrawn. 

Claim 6 is dependent on claims 1-4 and is considered patentable for the reasons 
presented above with respect to claims 1-4. Claim 6 is also considered to be patentable 
because Thompson neither discloses nor suggests, "the authorization processor removes 
the permission of the user and employees of the particular organization in response to 
addition of the particular organization as a new organization to the plurality of 
organizations," as recited in the present claimed invention. Thus, when the particular 
organization is added to the plurality of organizations using the application hosted by the 
ASP, the "authorization processor removes the permission of the user and employees of 
the particular organization," so that the particular employees are only able to access the 
data of their particular organization. Applicant respectfully submits that Thompson is 
silent with regards to the affirmative act of removing permission. As there is no 
suggestion or description in Thompson of actively removing permission, there is also no 
suggestion or description for when that permission is removed, such as "in response to 
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addition of the particular organization as a new organization to the plurality of 
organizations," as recited in the present claimed invention. The passages cited in the 
Office Action ([0284], [0286] and [0023] - [0025]) merely describes limiting access to 
the Thompson system is provided through a portal. This is not equivalent to the present 
claimed feature. Consequently, it is respectfully requested that the rejection of claim 6 be 
withdrawn. 

Claim 7 is dependent on claim 1 and is considered patentable for the reasons 
presented above with respect to claim 1. Consequently, it is respectfully requested that 
the rejection of claim 7 be withdrawn. 

Claim 8 is dependent on claim 1 and is considered patentable for the reasons 
presented above with respect to claim 1. Claim 8 is also considered patentable because, 
contrary to the assertion on page 5 of the Rejection, Thompson neither discloses nor 
suggests the present claimed feature. The Rejection states that the "edit-control access" 
stated in paragraph [0286] anticipates the claimed feature of "an executable procedure" 
that "enables the user to at least one of, (a) add an employee and (b) remove an employee 
of an organization as a user entitled to access the application hosted by the application 
service provider". However, Thompson merely discloses ASP-based control of ASP 
access. This is fundamentally different from the present claimed invention which operates 
"in response to a command initiated at a remote location associated with the 
particular organization". Thus, the claimed system advantageously enables user 
management to grant and exclude access of employees remotely and without the 
intervention of the ASP hosting the application being accessed. Consequently, it is 
respectfully requested that the rejection of claim 8 be withdrawn. 

Claim 9 is dependent on claims 1 and 8 and is patentable for the reasons given 
above with respect to claims 1 and 8. Claim 9 is also considered to be patentable because 
Thompson neither discloses nor suggests, "the executable procedure changes 
authorization information associated with the added or removed employee," as recited in 
the present claimed invention. Applicant respectfully submits that contrary to the 
assertion in the Rejection, paragraph [0286] of Thompson merely describes using roles, 
context and relation when developing different behavior of panels and business objects 
such that user permissions may change depending on context. However, this is not 
equivalent changing authorization of an employee when the employee is removed from 
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the system or added to the system. The present claimed invention, on the other hand, 
provides for "an executable procedure", and not a developer, to change "authorization 
information associated" with users and further provides no 35 USC 112 compliant 
enabling disclosure of changing authorization information "with the added or removed 
employee." Consequently, it is respectfully requested that the rejection of claim 9 be 
withdrawn. 

Claim 10 is dependent on claim 1 and is considered patentable for the reasons 
presented above with respect to claim 1. Claim 10 is also considered patentable because 
Thompson provides no 35 USC 112 compliant enabling disclosure in paragraph [284] (or 
elsewhere) of the present claimed feature. Rather, the cited section provides for an 
authorization service but does so superficially and not in a manner to enable anticipation 
of the present claimed feature. The claimed arrangement recites "an executable 
application enables the user to amend information used in authorizing a particular 
employee of an organization to access the application hosted by the application service 
provider". Thompson does not disclose or suggest how authentication may occur and 
certainly does not provide any enabling elements to "amend information used in 
authorizing" a user. Consequently, it is respectfully requested that the rejection of claim 
10 be withdrawn. 

Claims 11 and 12 are dependent on claim 1 and are considered patentable for the 
reasons presented above with respect to claim 1. Claims 11 and 12 are also considered 
patentable for the reasons presented above with respect to claims 2 and 10 because 
Thompson, while describing authentication of users, does so in a superficial manner and 
does not provide any 35 USC 112 compliant enabling disclosure of the claimed 
"authorization processor" that operates in the claimed manner. Consequently, it is 
respectfully requested that the rejection of claims 1 1 and 12 be withdrawn. 

Claim 13 is dependent on claim 1 and is considered patentable for the reasons 
presented above with respect to claim 1. Consequently, it is respectfully requested that 
the rejection of claim 13 be withdrawn. 

Claim 14 is dependent on claim 1 and is considered patentable for the reasons 
presented above with respect to claim 1. Claim 14 is also considered patentable because 
Thompson neither discloses nor suggests that "the particular executable procedure 
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comprises a template procedure customized by at least one of, (a) the user and (b) a 
technician" as recited in the present claimed invention. Contrary to the assertion on page 
7 of the Rejection, paragraph [0076] of Thompson neither discloses nor suggests the 
claimed feature. Rather, the cited section of Thompson provides a customizable template 
for different benefit plans to be utilized by the benefit designer ASP of Thompson. The 
template of Thompson "ensures [plan] design flexibility for total plan customization 
and captures the information necessary to evolve the application" (Thompson, para. 
[0076]). This is fundamentally different from the claimed "particular executable 
procedure" which operates "in response to a command initiated at a remote location 
associated with the particular organization" and "supports] the user in managing and 
granting access of an employee of the particular organization to an application and 
associated application data specific to said particular organization and excluding access 
to said application data specific to said particular organization by employees of 
organizations other than said particular organization". Thompson enables customized 
benefit plan design via a template and has nothing to do with managing user access by 
granting or excluding users from the system. Consequently, it is respectfully requested 
that the rejection of claim 14 be withdrawn. 

Claim 15 is dependent on claim 1 and is considered patentable for the reasons 
presented above with respect to claim 1. Consequently, it is respectfully requested that 
the rejection of claim 15 be withdrawn. 

Independent claim 16 is considered patentable for the reasons presented above 
with respect to claim 1. Consequently, it is respectfully requested that the rejection of 
claim 16 be withdrawn. 

Independent claim 17 is considered patentable for the reasons presented above 
with respect to claims 1-3. Consequently, it is respectfully requested that the rejection of 
claim 17 be withdrawn. 

Claim 18 is dependent on claim 17 and is considered patentable for the reasons 
presented above with respect to claim 17. Consequently, it is respectfully requested that 
the rejection of claim 18 be withdrawn. 
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Independent claim 19 is considered patentable for the reasons presented above 
with respect to claims 1 and 2. Consequently, it is respectfully requested that the rejection 
of claim 19 be withdrawn. 

In view of the above remarks and amendments to the claims, it is respectfully 
submitted that Thompson provides no 35 USC 112 compliant enabling disclosure that 
anticipates the features claimed in claims 1, 16, 17 and 19. As claims 2 - 15 are 
dependent on claim 1 and claim 18 is dependent on claim 17, Applicant respectfully 
submits that claims 2-15 and 17 are also not anticipated by Thompson. Therefore, 
withdrawal of the rejection of claims 1 - 19 is respectfully requested. 

Having fully addressed the Examiner's rejections, it is believed that, in view of the 
preceding amendments and remarks, this application stands in condition for allowance. 
Accordingly then, reconsideration and allowance are respectfully solicited. If, however, 
the Examiner is of the opinion that such action cannot be taken, the Examiner is invited 
to contact the applicant's attorney at the phone number below, so that a mutually 
convenient date and time for a telephonic interview may be scheduled. 



Alexander J. Burke 

Intellectual Property Department 

Siemens Corporation, 

Customer No.: 28524 

Tel. 732 321 3023 

Fax 732 321 3030 

June 1, 2007 




Respectfully submitted, 
Harry Snyder 
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Alexander J. Burke 
Reg. No. 40,425 
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